Report - g.exe

Tags: Generic Malware, Malicious Library, Malicious Packer, ASPack, UPX, PE File, PE32, OS Processor Check
Created 2024.10.07 10:33 Machine s1_win7_x6401
Filename g.exe
Type PE32 executable (GUI) Intel 80386, for MS Windows
AI Score 5
Behavior Score 3.2
ZERO API file : malicious
VT API (file) 30 detected (GotoHTTP, Artemis, Zusy, Unsafe, malicious, moderate confidence, RemoteAdmin, A potentially unsafe, Hacktool, CLOUD, lzrrv, MulDrop28, Generic Reputation PUA, STOP, susgen, GalbCJG8)
md5 9c2aeb99843094262e5038fd152a7db1
sha256 b1a74465a8c446d1b86d5984defdc18c9c06ad6107b7eb147f37df9b78cda104
ssdeep 49152:P2oh8doKrZmeR5B1qf5LVohWStiOtg01HTulXG:wZmenaVohWSsOtg0wQ
imphash 4f4b4a6805c5b99531ec1a40e1069a26
impfuzzy 192:DIFj/9sZLmNQQfoFzQ7RwJ9+WzyHZ4fSr7:DO79sZLs7RRoylr7

Signature (7cnts)

Level Description
danger File has been identified by 30 AntiVirus engines on VirusTotal as malicious
watch Installs itself for autorun at Windows startup
notice Creates a service
notice Foreign language identified in PE resource
notice The binary likely contains encrypted or compressed data indicative of a packer
info The executable contains unknown PE section names indicative of a packer (could be a false positive)
info The file contains an unknown PE resource name possibly indicative of a packer

Rules (8cnts)

Level Name Description Collection
warning Generic_Malware_Zero Generic Malware binaries (upload)
watch ASPack_Zero ASPack packed file binaries (upload)
watch Malicious_Library_Zero Malicious_Library binaries (upload)
watch Malicious_Packer_Zero Malicious Packer binaries (upload)
watch UPX_Zero UPX packed file binaries (upload)
info IsPE32 (no description) binaries (upload)
info OS_Processor_Check_Zero OS Processor Check binaries (upload)
info PE_Header_Zero PE File Signature binaries (upload)

Network (13cnts)

Request            CC  ASN                                 IP4             ZERO rule
spa.gotohttp.com   BR  UCloud (HK) Holdings Group Limited  152.32.197.201  clean
usw.gotohttp.com       Unknown                             43.130.10.102   clean
hk.gotohttp.com    US  Alibaba (US) Technology Co., Ltd.   47.241.41.42    clean
def.gotohttp.com       Unknown                             43.130.10.102   clean
tk.gotohttp.com        Unknown                             103.143.72.251  clean
eu.gotohttp.com        Unknown                             43.131.61.143   clean
use.gotohttp.com   US  Alibaba (US) Technology Co., Ltd.   47.252.31.236   clean
47.252.31.236      US  Alibaba (US) Technology Co., Ltd.   47.252.31.236   clean
47.241.41.42       US  Alibaba (US) Technology Co., Ltd.   47.241.41.42    clean
152.32.197.201     BR  UCloud (HK) Holdings Group Limited  152.32.197.201  clean
43.130.10.102          Unknown                             43.130.10.102   clean
103.143.72.251         Unknown                             103.143.72.251  clean
43.131.61.143          Unknown                             43.131.61.143   clean

Suricata ids

PE API

IAT (Import Address Table) Library

WS2_32.dll
 0x6105ac getservbyname
 0x6105b0 ntohs
 0x6105b4 gethostbyaddr
 0x6105b8 ntohl
 0x6105bc recvfrom
 0x6105c0 WSASetLastError
 0x6105c4 getservbyport
 0x6105c8 WSAIoctl
 0x6105cc send
 0x6105d0 WSAGetLastError
 0x6105d4 connect
 0x6105d8 inet_ntoa
 0x6105dc htons
 0x6105e0 closesocket
 0x6105e4 socket
 0x6105e8 ioctlsocket
 0x6105ec inet_addr
 0x6105f0 htonl
 0x6105f4 getsockname
 0x6105f8 setsockopt
 0x6105fc sendto
 0x610600 bind
 0x610604 gethostbyname
 0x610608 listen
 0x61060c accept
 0x610610 select
 0x610614 __WSAFDIsSet
 0x610618 getpeername
 0x61061c recv
 0x610620 WSAStartup
KERNEL32.dll
 0x610108 FindFirstFileW
 0x61010c FindNextFileW
 0x610110 RemoveDirectoryW
 0x610114 FindClose
 0x610118 DeleteFileW
 0x61011c TerminateProcess
 0x610120 WriteFile
 0x610124 CreateFileA
 0x610128 WaitNamedPipeA
 0x61012c CreateNamedPipeA
 0x610130 GetStartupInfoA
 0x610134 GetOverlappedResult
 0x610138 WaitForMultipleObjects
 0x61013c ReadFile
 0x610140 CreateEventW
 0x610144 GlobalFree
 0x610148 GlobalUnlock
 0x61014c GlobalLock
 0x610150 GlobalAlloc
 0x610154 GetFileSize
 0x610158 SetFileTime
 0x61015c CreateFileW
 0x610160 MoveFileW
 0x610164 CreateDirectoryW
 0x610168 SetEvent
 0x61016c GlobalSize
 0x610170 GetFileAttributesW
 0x610174 GetTempPathA
 0x610178 ResetEvent
 0x61017c WaitForSingleObject
 0x610180 TerminateThread
 0x610184 SetThreadPriority
 0x610188 CreateThread
 0x61018c GetLocalTime
 0x610190 OutputDebugStringA
 0x610194 WideCharToMultiByte
 0x610198 GetSystemTimeAsFileTime
 0x61019c DeviceIoControl
 0x6101a0 FindFirstFileA
 0x6101a4 FindNextFileA
 0x6101a8 GetDriveTypeW
 0x6101ac QueryPerformanceCounter
 0x6101b0 QueryPerformanceFrequency
 0x6101b4 GetSystemInfo
 0x6101b8 GetSystemDirectoryA
 0x6101bc CreateToolhelp32Snapshot
 0x6101c0 TryEnterCriticalSection
 0x6101c4 InterlockedExchangeAdd
 0x6101c8 InterlockedCompareExchange
 0x6101cc TlsFree
 0x6101d0 TlsSetValue
 0x6101d4 TlsAlloc
 0x6101d8 TlsGetValue
 0x6101dc GetTimeZoneInformation
 0x6101e0 GetStartupInfoW
 0x6101e4 IsDebuggerPresent
 0x6101e8 SetUnhandledExceptionFilter
 0x6101ec UnhandledExceptionFilter
 0x6101f0 GetDriveTypeA
 0x6101f4 FileTimeToLocalFileTime
 0x6101f8 FileTimeToSystemTime
 0x6101fc VirtualQuery
 0x610200 VirtualProtect
 0x610204 HeapReAlloc
 0x610208 ExitProcess
 0x61020c RtlUnwind
 0x610210 VirtualAlloc
 0x610214 VirtualFree
 0x610218 IsProcessorFeaturePresent
 0x61021c HeapAlloc
 0x610220 GetProcessHeap
 0x610224 HeapFree
 0x610228 GetACP
 0x61022c GetOEMCP
 0x610230 IsValidCodePage
 0x610234 HeapCreate
 0x610238 InterlockedExchange
 0x61023c DeleteFileA
 0x610240 OpenProcess
 0x610244 HeapSize
 0x610248 GetConsoleCP
 0x61024c GetConsoleMode
 0x610250 SetHandleCount
 0x610254 GetFileType
 0x610258 SetFilePointer
 0x61025c GetFullPathNameA
 0x610260 GetCurrentDirectoryA
 0x610264 GetModuleHandleA
 0x610268 FreeEnvironmentStringsW
 0x61026c Process32FirstW
 0x610270 Process32NextW
 0x610274 LoadLibraryW
 0x610278 ProcessIdToSessionId
 0x61027c GetVersionExW
 0x610280 CreateProcessA
 0x610284 VerSetConditionMask
 0x610288 VerifyVersionInfoW
 0x61028c CreateFileMappingW
 0x610290 GetProcAddress
 0x610294 lstrcmpiW
 0x610298 LoadLibraryExW
 0x61029c FindResourceW
 0x6102a0 LoadResource
 0x6102a4 SizeofResource
 0x6102a8 MultiByteToWideChar
 0x6102ac FreeLibrary
 0x6102b0 InitializeCriticalSection
 0x6102b4 lstrlenW
 0x6102b8 GetModuleFileNameW
 0x6102bc GetModuleHandleW
 0x6102c0 GetCPInfo
 0x6102c4 UnmapViewOfFile
 0x6102c8 MapViewOfFile
 0x6102cc OpenFileMappingW
 0x6102d0 GetTickCount
 0x6102d4 GetCurrentProcessId
 0x6102d8 GetModuleFileNameA
 0x6102dc Sleep
 0x6102e0 CreateMutexW
 0x6102e4 CloseHandle
 0x6102e8 GetLastError
 0x6102ec InterlockedDecrement
 0x6102f0 InterlockedIncrement
 0x6102f4 GetCurrentProcess
 0x6102f8 FlushInstructionCache
 0x6102fc RaiseException
 0x610300 GetCurrentThreadId
 0x610304 SetLastError
 0x610308 LeaveCriticalSection
 0x61030c EnterCriticalSection
 0x610310 DeleteCriticalSection
 0x610314 InitializeCriticalSectionAndSpinCount
 0x610318 GetEnvironmentStringsW
 0x61031c GetCommandLineW
 0x610320 LCMapStringA
 0x610324 LCMapStringW
 0x610328 FlushFileBuffers
 0x61032c GetLocaleInfoA
 0x610330 GetStringTypeA
 0x610334 GetStringTypeW
 0x610338 SetStdHandle
 0x61033c WriteConsoleA
 0x610340 GetConsoleOutputCP
 0x610344 WriteConsoleW
 0x610348 CompareStringA
 0x61034c CompareStringW
 0x610350 SetEnvironmentVariableA
 0x610354 SetEndOfFile
 0x610358 GetStdHandle
 0x61035c LocalAlloc
 0x610360 LoadLibraryA
USER32.dll
 0x610394 EnumWindows
 0x610398 WindowFromPoint
 0x61039c UnregisterClassW
 0x6103a0 RegisterClassW
 0x6103a4 SendInput
 0x6103a8 UnregisterHotKey
 0x6103ac GetDesktopWindow
 0x6103b0 SetLayeredWindowAttributes
 0x6103b4 RegisterHotKey
 0x6103b8 GetClipboardData
 0x6103bc GetPriorityClipboardFormat
 0x6103c0 GetClipboardSequenceNumber
 0x6103c4 ExitWindowsEx
 0x6103c8 OpenClipboard
 0x6103cc EmptyClipboard
 0x6103d0 SetClipboardData
 0x6103d4 CloseClipboard
 0x6103d8 GetThreadDesktop
 0x6103dc FindWindowW
 0x6103e0 GetDlgItemTextW
 0x6103e4 GetDlgItemInt
 0x6103e8 SetDlgItemTextW
 0x6103ec SetDlgItemInt
 0x6103f0 SendDlgItemMessageW
 0x6103f4 SetScrollInfo
 0x6103f8 ShowScrollBar
 0x6103fc GetScrollInfo
 0x610400 ClientToScreen
 0x610404 DrawTextA
 0x610408 FillRect
 0x61040c EnableWindow
 0x610410 SetScrollPos
 0x610414 GetScrollRange
 0x610418 GetScrollPos
 0x61041c GetWindowThreadProcessId
 0x610420 CallWindowProcW
 0x610424 MonitorFromPoint
 0x610428 CheckMenuItem
 0x61042c EnumDisplaySettingsW
 0x610430 EnableMenuItem
 0x610434 DeleteMenu
 0x610438 LoadMenuW
 0x61043c DialogBoxParamW
 0x610440 GetDlgCtrlID
 0x610444 GetActiveWindow
 0x610448 SetFocus
 0x61044c GetCursorPos
 0x610450 DrawTextW
 0x610454 GetWindowTextLengthW
 0x610458 GetKeyState
 0x61045c CreatePopupMenu
 0x610460 AppendMenuW
 0x610464 TrackPopupMenu
 0x610468 DestroyMenu
 0x61046c SetCapture
 0x610470 GetCapture
 0x610474 PtInRect
 0x610478 SetCursor
 0x61047c ReleaseCapture
 0x610480 SystemParametersInfoW
 0x610484 ChangeDisplaySettingsW
 0x610488 SetForegroundWindow
 0x61048c IsWindow
 0x610490 EndPaint
 0x610494 BeginPaint
 0x610498 DestroyIcon
 0x61049c IsWindowVisible
 0x6104a0 OffsetRect
 0x6104a4 LoadIconW
 0x6104a8 DrawIconEx
 0x6104ac UnionRect
 0x6104b0 mouse_event
 0x6104b4 OpenInputDesktop
 0x6104b8 IntersectRect
 0x6104bc GetUserObjectInformationW
 0x6104c0 MoveWindow
 0x6104c4 EnumDisplayMonitors
 0x6104c8 KillTimer
 0x6104cc LoadImageW
 0x6104d0 GetParent
 0x6104d4 GetWindow
 0x6104d8 GetWindowRect
 0x6104dc GetWindowLongW
 0x6104e0 MonitorFromWindow
 0x6104e4 GetMonitorInfoW
 0x6104e8 GetIconInfo
 0x6104ec GetCursorInfo
 0x6104f0 BlockInput
 0x6104f4 GetSubMenu
 0x6104f8 MapVirtualKeyW
 0x6104fc MapWindowPoints
 0x610500 SendMessageW
 0x610504 SetTimer
 0x610508 SetWindowTextW
 0x61050c GetSystemMetrics
 0x610510 IsDialogMessageW
 0x610514 GetDC
 0x610518 ReleaseDC
 0x61051c CharNextW
 0x610520 RegisterClassExW
 0x610524 LoadCursorW
 0x610528 GetClassInfoExW
 0x61052c CreateWindowExW
 0x610530 MessageBoxW
 0x610534 DefWindowProcW
 0x610538 PeekMessageW
 0x61053c SetWindowLongW
 0x610540 EndDialog
 0x610544 DestroyWindow
 0x610548 CreateDialogParamW
 0x61054c LoadStringW
 0x610550 LockWorkStation
 0x610554 GetDlgItem
 0x610558 GetDlgItemTextA
 0x61055c GetClientRect
 0x610560 SetWindowPos
 0x610564 ShowWindow
 0x610568 InvalidateRect
 0x61056c UpdateWindow
 0x610570 PostMessageW
 0x610574 OpenDesktopW
 0x610578 SetThreadDesktop
 0x61057c CloseDesktop
 0x610580 GetMessageW
 0x610584 PostQuitMessage
 0x610588 TranslateMessage
 0x61058c DispatchMessageW
 0x610590 PostThreadMessageW
 0x610594 UnregisterClassA
 0x610598 GetWindowTextW
GDI32.dll
 0x610074 CreateDCW
 0x610078 BitBlt
 0x61007c RestoreDC
 0x610080 GetPaletteEntries
 0x610084 ExtSelectClipRgn
 0x610088 CreateRectRgn
 0x61008c StretchBlt
 0x610090 CreateCompatibleDC
 0x610094 CreateDIBSection
 0x610098 SetStretchBltMode
 0x61009c GetObjectW
 0x6100a0 GetDIBits
 0x6100a4 GetTextExtentExPointW
 0x6100a8 CreateHatchBrush
 0x6100ac CreateFontW
 0x6100b0 ExtTextOutW
 0x6100b4 RoundRect
 0x6100b8 Polygon
 0x6100bc Ellipse
 0x6100c0 ExcludeClipRect
 0x6100c4 SelectClipRgn
 0x6100c8 SetViewportOrgEx
 0x6100cc SetBkColor
 0x6100d0 CreatePen
 0x6100d4 GetStockObject
 0x6100d8 GetDeviceCaps
 0x6100dc DeleteObject
 0x6100e0 CreateSolidBrush
 0x6100e4 Rectangle
 0x6100e8 SelectObject
 0x6100ec DeleteDC
 0x6100f0 PatBlt
 0x6100f4 SetTextColor
 0x6100f8 SaveDC
 0x6100fc TextOutW
 0x610100 SetBkMode
ADVAPI32.dll
 0x610000 LookupPrivilegeValueW
 0x610004 AdjustTokenPrivileges
 0x610008 OpenProcessToken
 0x61000c DuplicateTokenEx
 0x610010 SetTokenInformation
 0x610014 CreateProcessAsUserW
 0x610018 StartServiceCtrlDispatcherW
 0x61001c RegisterServiceCtrlHandlerW
 0x610020 SetServiceStatus
 0x610024 DeleteService
 0x610028 CreateServiceW
 0x61002c OpenServiceW
 0x610030 StartServiceW
 0x610034 ControlService
 0x610038 ChangeServiceConfig2W
 0x61003c OpenSCManagerW
 0x610040 CloseServiceHandle
 0x610044 RegQueryValueExW
 0x610048 GetUserNameW
 0x61004c RegQueryInfoKeyW
 0x610050 RegSetValueExW
 0x610054 RegEnumKeyExW
 0x610058 RegOpenKeyExW
 0x61005c RegCreateKeyExW
 0x610060 RegCloseKey
 0x610064 RegDeleteValueW
 0x610068 RegDeleteKeyW
 0x61006c CreateProcessAsUserA
SHELL32.dll
 0x610378 SHGetFolderPathW
 0x61037c DragFinish
 0x610380 Shell_NotifyIconW
 0x610384 DragAcceptFiles
 0x610388 ShellExecuteA
 0x61038c DragQueryFileW
ole32.dll
 0x610628 CoTaskMemFree
 0x61062c CoTaskMemAlloc
 0x610630 CoTaskMemRealloc
 0x610634 CoInitializeEx
 0x610638 CoUninitialize
 0x61063c PropVariantClear
 0x610640 CoCreateInstance
OLEAUT32.dll
 0x610368 VariantClear
 0x61036c VarUI4FromStr
 0x610370 VariantInit
USERENV.dll
 0x6105a0 DestroyEnvironmentBlock
 0x6105a4 CreateEnvironmentBlock

EAT (Export Address Table): none